User having WRITE permission couldn't update a document
I think I reproduced the bug Jim mentioned:
A user having WRITE permission couldn't update a document.
Here are the steps I did:
1. Create a simple document under user uid=jing. This document gives "READ+WRITE" permission to user uid=tao.
2. Save the document to metacat dev server as jing.4.1
3. Switch to another profile which has uid=tao.
4. Search online to find jing.4.1 and open it.
5. Make minor change on its title.
6. Save it to metacat and get the error:
<error>User tried to update an access module when they don't have "ALL" permission!</error>
I did another test:
All conditions are the same except giving uid=tao "ALL" permission rather than "READ+WRITE" permission. This time, the document updated by uid=tao can be sent to metacat successfully.
It seems metacat doesn't correctly handle the update action of a user who only has "READ+WRITE" permission.
#1 Updated by Matt Jones over 10 years ago
This might be a regression due to recent access control handling changes. From my fuzzy memory, I seem to remember that we used to have some logic in the code that would check to see if an EML document was being updated whether there were changes to the access rules -- if not, then only write permission was needed for the update, but if access changes then ALL permission or ChangePermission permission would be needed. Maybe now we are failing to detect the case of an EML document being updated without changes to its access rules?
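The check described in comment #1, sketched as an added example (not Metacat's code and not part of the original thread): compare the parsed access rules of the stored and submitted documents and require more than write only when they differ. The function names, the simplified namespace-free EML and the sample documents are constructed for illustration, and rule order within the access block is assumed to be governed solely by its order attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents: a simplified, namespace-free EML skeleton.
TEMPLATE = """<eml><access order="allowFirst">
  <allow><principal>uid=tao</principal>{perms}</allow>
</access><dataset><title>{title}</title></dataset></eml>"""
RW = "<permission>read</permission><permission>write</permission>"
STORED = TEMPLATE.format(perms=RW, title="Old title")
TITLE_EDIT = TEMPLATE.format(perms=RW, title="New title")
ESCALATION = TEMPLATE.format(perms="<permission>all</permission>", title="Old title")

def access_rules(doc_xml):
    """Return the access rules as a set, so whitespace and element order
    inside the access block do not count as a change."""
    rules = set()
    for access in ET.fromstring(doc_xml).iter("access"):
        order = access.get("order", "allowFirst")
        for rule in access:
            if rule.tag not in ("allow", "deny"):
                continue
            who = frozenset((p.text or "").strip() for p in rule.findall("principal"))
            what = frozenset((p.text or "").strip().lower()
                             for p in rule.findall("permission"))
            rules.add((order, rule.tag, who, what))
    return rules

def required_permission(stored_xml, submitted_xml):
    """write suffices when the access rules are unchanged; any change to
    them needs changePermission (all also satisfies it)."""
    if access_rules(stored_xml) == access_rules(submitted_xml):
        return "write"
    return "changePermission"

def may_update(user_perms, stored_xml, submitted_xml):
    """Decide whether a user holding user_perms may save submitted_xml."""
    held = {p.lower() for p in user_perms}
    if "all" in held:
        return True
    return required_permission(stored_xml, submitted_xml).lower() in held
```

With these samples, the title-only edit from the report is accepted for a READ+WRITE user, while the same user submitting a document that grants themselves "all" is refused.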